Currently, FAQ's can be assigned to groups. That FAQ can be by default says "Access for all groups". You can select restrict access to and then specify a group.

I propose that access be split into two categories: Editing and Viewing.

Lets look at the first option. Say you have a large organization and your FAQ's are managed with a distributed model concept. Different departments handle their own content. The overall FAQ Manager would be the only person(s) to create top level categories, and can then assign those categories to specific groups. Now within that category, the group can create sub categories. Everything created within the group would have edit restrictions to that group and the overall FAQ Manager(s).

View restrictions would by default be set to "All Visitors". However it may be that some FAQ's are for internal use only. So your settings for viewing would be:

with 3.0 we'll introduce the "large permission" feature. You can set "sections" for various groups and users where they can view and edit according their permissions. It's currently under heavy development and will be release with the 3rd or 4th alpha of 3.0